Educause Security Discussion mailing list archives

Re: Russian Hacker story in today's news


From: "McCrary, Barbara" <bmccrary () OSRHE EDU>
Date: Wed, 6 Aug 2014 18:41:50 +0000

The trial services on their site and invisible terms and conditions referred to in the original post still bother me.

Barbara McCrary
Chief Information Security Officer
MCSE, MCSE:Security, +Messaging, CompTia:Security+
bmccrary () osrhe edu

Protecting data is a shared responsibility!

INSTALL antivirus and antispyware software.
USE strong passwords.
KNOW who you are dealing with online.
STORE confidential and sensitive data on encrypted devices only.
SHUT DOWN home computers or disconnect from the Internet when not in use.

Oklahoma State Regents for Higher Education
655 Research Parkway
Suite 200
Oklahoma City, OK  73104
405 225.9316 office
405 234.4321 cell
405 234.4588 fax



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Keller, 
Alex
Sent: Wednesday, August 06, 2014 12:37 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Russian Hacker story in today's news

Yes, Krebs posted around the same time I sent my response to the list. It holds a lot of weight that Brian is vouching 
for him.

I stand ready to eat some crow pie, but let's just see how this plays out...

Best,
alex

Alex Keller
Information Technology
Stanford School of Engineering
axkeller () stanford edu
(650) 736-6421

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Brad Judy
Sent: Wednesday, August 06, 2014 10:23 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Russian Hacker story in today's news

Brian Krebs has posted on the topic today:

http://krebsonsecurity.com/2014/08/qa-on-the-reported-theft-of-1-2b-email-accounts/

Brad Judy

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Keller, 
Alex
Sent: Wednesday, August 06, 2014 11:15 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Russian Hacker story in today's news

Hi Folks,

I read the NY Times article yesterday and it immediately triggered the BS meter. Article is exceedingly light on 
details.

Hold Security website is rudimentary and vague:
http://www.holdsecurity.com

WordPress admin interface is running over HTTP (no SSL available):
http://www.holdsecurity.com/wp-admin

They list Brian Krebs (of Krebs on Security) as a "special advisor":
http://www.holdsecurity.com/about/advisory-board/

But Brian has made no note of this story on his blog:
http://krebsonsecurity.com

None of this passes even the most basic sniff test.

Best,
alex


*http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html




Alex Keller
Information Technology
Stanford School of Engineering
axkeller () stanford edu
(650) 736-6421

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chuck 
Braden
Sent: Wednesday, August 06, 2014 6:02 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Russian Hacker story in today's news

As I read Hold Security's release this seems to be more of a marketing ploy to sell services combined with a 
credential collection scheme of their own.

A news resource I heard this morning said they would provide an ability for users to query to see if their ID or what 
websites had been compromised. No word when that would be available... I'm not hearing a lot from the vendor either - 
other than crickets and a cash register bell ring. :-/


Jimmy C Braden
Information Security Officer
AgriLife Information Technology
979-862-7254
j-braden () tamu edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Slocum, 
Stacy
Sent: Wednesday, August 06, 2014 7:57 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Russian Hacker story in today's news

Good morning,

A news story caught my attention this morning regarding the 1+ billion user accounts being collected by "Russian 
Hackers" over the last 18 months.

The story is based on Hold Security's news release dated yesterday (8/5/2014).  As I read Hold Security's release this 
seems to be more of a marketing ploy to sell services combined with a credential collection scheme of their own.  
Additionally, their Terms of Service must be agreed to before registering for their "trial" service of matching your 
credentials with those contained in the breach database and they offer to let you know if your password was also 
in the breached data... after you provide it to them...

Does this seem odd to anyone else?

Thanks,
Stacy

Stacy Slocum
Chief Information Officer
St. John Fisher College
3690 East Avenue
Rochester, NY 14618
(585) 385-8388

